PHPDirector 0.21 and previous versions stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file.
phpdirector phpdirector